2.5 Disable Generic Security Services (GSS)

Information

The GSS API is a security abstraction layer that is designed to make it easier for developers to integrate with different authentication schemes. It is most commonly used in applications for sites that use Kerberos for network authentication, though it can also allow applications to interoperate with other authentication schemes.

Rationale:

GSS does not expose anything external to the system as it is configured to use TLI (protocol = ticotsord) by default. This service should be disabled if it is not required.

Solution

To disable this service, run the following command:

# svcadm disable svc:/network/rpc/gss

See Also

https://workbench.cisecurity.org/benchmarks/4777

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.2

Plugin: Unix

Control ID: 328a1af02a5ad07b7784fd9cd64e326ea1ad83e0454a2a4fbda9405c27505f4f